Debian Update Introduces Security, Bans Adobe Flash

The update Debian 4.0 alias Etch to 4.03r sees the free project mainly add security patches and remove the Adobe Flash plugin from the official repository.

If you use Debian 4.0, you can launch Aptitude to download the required packages from ftp.debian.org or a mirror server. Users who load Debian updates on a regular basis will not need to modify too many packages according to the developers. Images containing the new status will be available shortly. A Debian Installer update forces users who work with netboot or floppy images to download newer versions.

Some 50 security fixes make the update interesting for anyone wanting to avoid implementing individual fixes. A list of the patches packages and the related advisories is available in the Release Notes. The vulnerabilities fixed by the update range from DoS attacks to code execution and privilege escalation to SQL injection.

One major change cited by the Debian project is the removal of "Flashplugin-nonfree", which will be moved to the Backports repository. Security concerns led to this move. There is no security support for the closed source program.Users are advise to remove the Adobe program and any residues it leaves behind for esc reasons. The Changelog lists the modified packages.

Adobe announced a critical vulnerability for its Flash Player 9.0.159.0 and 10.0.22.87 and earlier, along with the authplay.dll component in its Reader and Acrobat 9.x., that goes across platforms in Windows, Macintosh, Linux and Solaris.